Critical Security Vulnerability in GitHub Enterprise Server Allows Authentication Bypass

May 21, 2024

GitHub has released fixes for a critical vulnerability in GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication. The flaw, tracked as CVE-2024-4985 and assigned the maximum CVSS severity score of 10.0, could allow an attacker to gain access to an instance without first authenticating.

The vulnerability only affects instances that use SAML single sign-on (SSO) with the optional encrypted assertions feature enabled. On such an instance, an attacker could forge a SAML response to provision a user with administrator privileges and/or gain access to such a user.

GHES is the self-hosted edition of GitHub that organizations run on their own infrastructure for software development: it lets them store and build software using Git version control and automate their deployment pipelines. The issue affects all versions of GHES prior to 3.13.0 and has been fixed in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4; 3.13.0 and later are not affected.

GitHub also noted that encrypted assertions are not enabled by default, and that the flaw does not affect instances that do not use SAML SSO, nor those that use SAML SSO without encrypted assertions. Encrypted assertions let site administrators harden a GHES instance's SAML SSO configuration by having the SAML identity provider (IdP) encrypt the assertions it sends during the authentication process.

Organizations running a vulnerable version of GHES are advised to update to the fixed release for their release line (or later). Instances that do not use SAML SSO with encrypted assertions are not exposed to this particular flaw, but should still be patched.
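As an added example (not code from the original article or from GitHub), the following Python script turns the affected and fixed versions listed above into a check an administrator can run against their own instance. It assumes a version string of the form used by GHES releases (for example `3.12.3`); the `fetch_installed_version` helper reads the `installed_version` field that a GHES instance reports from its `/api/v3/meta` endpoint, and the `SAMPLE_META` JSON is a constructed stand-in for such a response so the script runs offline. Whether SAML SSO and encrypted assertions are enabled is not queryable through that endpoint, so `assess` takes those two facts as inputs supplied by the operator.

```python
"""Check a GitHub Enterprise Server version against the CVE-2024-4985 fix list."""
import json
import re
import urllib.request  # used only by fetch_installed_version(); the check itself is offline

# Fixed patch release per affected GHES release line, per the advisory.
FIXED_PATCH = {(3, 9): 15, (3, 10): 12, (3, 11): 10, (3, 12): 4}
# Release lines from here on were never affected.
FIRST_UNAFFECTED_LINE = (3, 13)

# Constructed sample of a /api/v3/meta response (only the field we need is realistic).
SAMPLE_META = '{"installed_version": "3.12.3", "verifiable_password_authentication": false}'


def parse_version(version):
    """Turn '3.12.3' (optionally with a suffix such as '-rc1') into (3, 12, 3)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-].*)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised GHES version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_version_affected(version):
    """True if this GHES version predates the fix for its release line."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line >= FIRST_UNAFFECTED_LINE:
        return False
    if line in FIXED_PATCH:
        return patch < FIXED_PATCH[line]
    # Older than 3.9: affected, and no fixed release exists for that line.
    return True


def assess(version, saml_sso_enabled, encrypted_assertions_enabled):
    """Return (exposed, reason). 'exposed' means the auth-bypass is reachable as configured."""
    if not is_version_affected(version):
        return False, f"{version} includes the fix for CVE-2024-4985"
    if not saml_sso_enabled:
        return False, f"{version} is unpatched but SAML SSO is not in use; patch anyway"
    if not encrypted_assertions_enabled:
        return False, f"{version} is unpatched but encrypted assertions are disabled; patch anyway"
    return True, f"{version} is unpatched with SAML SSO and encrypted assertions enabled; patch now"


def version_from_meta(meta_json):
    """Extract installed_version from the JSON body of /api/v3/meta."""
    return json.loads(meta_json)["installed_version"]


def fetch_installed_version(base_url, timeout=10):
    """Query a live instance, e.g. fetch_installed_version('https://ghes.example.com')."""
    with urllib.request.urlopen(f"{base_url.rstrip('/')}/api/v3/meta", timeout=timeout) as resp:
        return version_from_meta(resp.read().decode("utf-8"))


if __name__ == "__main__":
    installed = version_from_meta(SAMPLE_META)
    # Operator-supplied facts: does this instance use SAML SSO, and are encrypted assertions on?
    exposed, reason = assess(installed, saml_sso_enabled=True, encrypted_assertions_enabled=True)
    print("EXPOSED" if exposed else "not exposed", "-", reason)
```

Replace `SAMPLE_META` with a call to `fetch_installed_version` against your own instance and set the two SAML flags from your management console settings. The version comparison is per release line on purpose: `3.10.13` is patched while `3.12.3` is not, so a plain "newer than 3.12.4" comparison would give the wrong answer for the 3.9 to 3.11 lines.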
